Overview
In an earlier post I covered connecting GitLab to LDAP without TLS.
I have since verified the TLS variant as well, so here are the notes.
Incidentally, the steps for building the TLS + LDAP server itself are here.
gitlab.rb
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = {
  'main' => {
    'label' => 'login',
    'host' => 'your.ldap.server.com',
    'port' => 1636,                        # LDAPS listener: TLS is negotiated before any LDAP traffic
    'uid' => 'uid',
    'encryption' => 'simple_tls',          # LDAPS; 'start_tls' expects a plaintext LDAP port (389) instead
    'verify_certificates' => true,         # keep true, otherwise any server certificate is accepted
    'bind_dn' => 'cn=admin,dc=example,dc=org',
    'password' => 'xxx',                   # bind password (redacted)
    'timeout' => 60,
    'active_directory' => false,
    'allow_username_or_email_login' => false,
    'block_auto_created_users' => false,   # false: users auto-created from LDAP can sign in immediately
    'base' => 'dc=example,dc=org',
    'user_filter' => '',                   # empty: every entry under 'base' may log in
    'lowercase_usernames' => false,
    'attributes' => {
      'username' => ['uid', 'userId', 'sAMAccountName'],
      'email' => ['mail', 'email', 'userPrincipalName'],
      'name' => 'uid',
      'first_name' => '',
      'last_name' => '',
    },
  }
}
With start_tls you get an error
gitlab
Could not authenticate you from Ldapmain because "No start tls result".
openldap
63e1d4cd.1b38e0da 0x7fbaf180c700 conn=1014 fd=14 ACCEPT from IP=xxx.xxx.xxx.xxx:33202 (IP=0.0.0.0:1636)
63e1d4cd.1b3b7769 0x7fbaf0d0a700 TLS: can't accept: error:1408F10B:SSL routines:ssl3_get_record:wrong version number.
63e1d4cd.1b3e00d9 0x7fbaf0d0a700 conn=1014 fd=14 closed (TLS negotiation failure)
The slapd log shows why: the connection was accepted on the ldaps listener (IP=0.0.0.0:1636), which expects a TLS ClientHello as the very first bytes, but a start_tls client first sends a plaintext LDAP StartTLS extended request and only then switches to TLS. OpenSSL sees a BER-encoded LDAP message where a TLS record should be, reports "wrong version number", and slapd closes the connection, which GitLab surfaces as "No start tls result". So with OpenLDAP on an LDAPS port, just use simple_tls; start_tls only makes sense against a plaintext listener (389) that has TLS configured.
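To make the gitlab.rb settings above and the start_tls failure concrete, here is an added example in Ruby (GitLab's own language); it is not code from GitLab or OpenLDAP. It builds the first bytes each 'encryption' mode puts on the wire (a hand-encoded BER StartTLS extended request, an anonymous BindRequest, and a stub TLS record header), classifies what an LDAPS or plaintext listener would see, and runs a small lint over the 'main' entry from the page. The port lists LDAPS_PORTS and LDAP_PORTS, and the rule that any other port is treated as a plaintext listener, are assumptions made for the example; PAGE_CONFIG is a copy of the page's config with the same redacted password.

```ruby
# Added example, not GitLab's or OpenLDAP's code: a byte-level model of why
# 'start_tls' against an LDAPS port fails with "wrong version number", plus a
# lint for the gitlab_rails['ldap_servers'] hash from the post.
# Assumptions: LDAPS_PORTS / LDAP_PORTS are conventional port numbers; any port
# not in LDAPS_PORTS is treated as a plaintext LDAP listener.

STARTTLS_OID = '1.3.6.1.4.1.1466.20037'   # RFC 4511 StartTLS extended operation
LDAPS_PORTS  = [636, 1636]                # assumption: 1636 as used in the post
LDAP_PORTS   = [389, 1389]                # assumption: plaintext listener ports

# Minimal BER TLV encoder (short-form length only, enough for these PDUs).
def ber(tag, content)
  raise ArgumentError, 'short-form length only' if content.bytesize > 127
  [tag, content.bytesize].pack('CC') + content.b
end

# LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] StartTLS OID } }
# This is the first thing a 'start_tls' client sends, in cleartext, on connect.
def starttls_request(message_id = 1)
  ber(0x30, ber(0x02, [message_id].pack('C')) + ber(0x77, ber(0x80, STARTTLS_OID)))
end

# Anonymous simple BindRequest [APPLICATION 0]: what a 'plain' client sends first.
def anonymous_bind_request(message_id = 1)
  ber(0x30, ber(0x02, [message_id].pack('C')) +
            ber(0x60, ber(0x02, "\x03") + ber(0x04, '') + ber(0x80, '')))
end

# Constructed TLS record header: content type 0x16 (handshake), version 3.x.
# Only the leading bytes matter for classification, so the body is a stub.
TLS_CLIENT_HELLO_HEAD = [0x16, 0x03, 0x01, 0x00, 0x02, 0x01, 0x00].pack('C*')

# What a listener sees in the first bytes of a new connection.
def classify_first_bytes(bytes)
  b = bytes.bytes
  return :empty if b.empty?
  return :tls_client_hello if b[0] == 0x16 && b[1] == 0x03
  return :ldap_pdu if b[0] == 0x30          # BER SEQUENCE = LDAPMessage
  :unknown
end

def client_first_bytes(encryption)
  case encryption
  when 'simple_tls' then TLS_CLIENT_HELLO_HEAD
  when 'start_tls'  then starttls_request
  when 'plain'      then anonymous_bind_request
  else raise ArgumentError, "unknown encryption #{encryption.inspect}"
  end
end

# Pair GitLab's encryption mode with the kind of listener behind the port.
def handshake_outcome(encryption, port)
  listener = LDAPS_PORTS.include?(port) ? :ldaps : :ldap
  case [listener, classify_first_bytes(client_first_bytes(encryption))]
  when [:ldaps, :tls_client_hello], [:ldap, :ldap_pdu] then :ok
  when [:ldaps, :ldap_pdu] then :tls_wrong_version_number  # slapd: "TLS: can't accept: ... wrong version number"
  when [:ldap, :tls_client_hello] then :ldap_protocol_error # plaintext listener receives a non-BER blob
  else :unknown
  end
end

# Lint one entry of gitlab_rails['ldap_servers'] for the mismatches discussed above.
def lint_ldap_server(name, cfg)
  findings = []
  outcome = handshake_outcome(cfg['encryption'], cfg['port'])
  if outcome != :ok
    findings << "#{name}: encryption=#{cfg['encryption']} on port #{cfg['port']} -> #{outcome}; " +
                'use simple_tls on an LDAPS port or start_tls on a plaintext LDAP port'
  end
  findings << "#{name}: encryption=plain sends the bind_dn password in cleartext" if cfg['encryption'] == 'plain'
  unless cfg['verify_certificates'] == true
    findings << "#{name}: verify_certificates is not true; any server certificate will be accepted"
  end
  unless cfg['block_auto_created_users']
    findings << "#{name}: block_auto_created_users=false; LDAP users matching base/user_filter get an active account on first login"
  end
  findings
end

# The 'main' entry from the gitlab.rb above (copied, password redacted as on the page).
PAGE_CONFIG = {
  'host' => 'your.ldap.server.com', 'port' => 1636, 'encryption' => 'simple_tls',
  'verify_certificates' => true, 'bind_dn' => 'cn=admin,dc=example,dc=org',
  'password' => 'xxx', 'base' => 'dc=example,dc=org', 'block_auto_created_users' => false,
}

if __FILE__ == $PROGRAM_NAME
  puts lint_ldap_server('main', PAGE_CONFIG)
  puts lint_ldap_server('main', PAGE_CONFIG.merge('encryption' => 'start_tls'))
end
```

Running it reports only the block_auto_created_users point for the page's simple_tls/1636 config, and additionally the tls_wrong_version_number outcome once 'encryption' is switched to start_tls while the port stays 1636, which is exactly the combination behind the slapd log above.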